Despite budget boost, more resources needed for Australia’s cyber defence
3 May 2022|

The federal government’s 2022–23 budget allocates $9.9 billion for boosting Australia’s cyber defence capabilities. The expansion forms part of the government’s commitment to the AUKUS pact, building out the military workforce to support its objectives.

The successful deployment of critical technologies—cyber, artificial intelligence and quantum computing—into Australia’s defence and national security assets can’t be achieved solely through off-the-shelf acquisition from our allies. The government must partner with Australia’s technology and broader ICT sector to provide capabilities where we already have them, rather than simply buying from overseas.

The need for local capability is critical. With cyber, AI and quantum, data moves from being a supporting asset to a core component—effectively becoming the fuel that powers these capabilities. As with fuel, data storage and transmission will continue to be central to the operation of Australia’s critical infrastructure providers.

Conversations in this arena will ramp up as regional tensions continue to seep into the virtual world and our data infrastructure becomes an attractive target for adversaries.

Over the past year we have witnessed a raft of sophisticated attacks launched against all levels of government, as well as health, utilities, food and critical supply chains.

The Australian Cyber Security Centre’s latest annual cyber threat report found that 35% of cyberattacks reported in 2020–21 were launched against government agencies.

Australia has become too reliant on foreign suppliers to store and protect our data assets, undermining our ability to ensure that defence and other government data is entirely under Australia’s jurisdictional control.

In July, the parliament passed legislation allowing electronic data held offshore to be accessed for local law enforcement and national security purposes. This was yet another push towards the establishment of a bilateral agreement with the US under its Clarifying Lawful Overseas Use of Data (CLOUD) Act, a move that would enable unfettered data access between countries and raise concerns over privacy.

The Australian ICT industry already has the capability to deliver many of the data storage and protection services we need, to world-class standards, while also being genuinely sovereign to Australia.

Australia boasts its own burgeoning local cloud industry. It has been expanding for years and was supercharged by the Covid-19 pandemic, as organisations, government agencies and industries digitised activities en masse. The growth has been assessed by local analyst firm Telsyte, which predicts the local cloud market will be worth over $3 billion by 2025.

Further, the demand for local and sovereign data centres to store information has led to Australia’s emergence as one of the fastest-growing data centre locations, with the country now occupying one-tenth of data centre space in the world.

There’s no reason why the Department of Defence or any other government agency should be contracting these services to foreign-owned companies and, in the process, offshoring our data protection and storage. There are wholly sovereign Australian companies that provide the full suite of ICT services governments require.

This is not simply an argument for government to ‘buy Australian’. To be effective partners, ICT businesses need clear guidelines on what areas government will support, including the building of local capabilities, and what should be delivered by allies or other international partners.

In the absence of clear guidelines, businesses are often left second-guessing where to invest to best support the government’s technology needs. Even with the best and most well-informed intentions, those investments may not align with the government’s requirements.

What’s needed is an overarching whole-of-government ICT strategy and policies that specify and prioritise the sovereign technological capabilities we will need for a future-proof digital Australia.

The good news is that we have a ready-made framework currently in use to support defence materiel procurement that can be easily adapted to serve our ICT and critical technology needs.

The defence sovereign industrial capability priorities include AI, robotics and cyber technologies, and imbue Australian businesses looking to partner with the government in these areas with the confidence they need to invest and innovate, knowing it will align with Defence’s procurement policy requirements.

The government should adapt and apply this methodology to ICT and critical technologies so that all government agencies can make procurement decisions based on utilising Australian capability first.

This does not mean the capabilities of our allies are left out in the cold. It simply means we look first in our own cupboard for a solution, and in the event that we lack a specific capability, we then turn to our allies and partners.

This is not asking for ICT to get special treatment. Rather, it is a recognition of the ubiquity of ICT in our economy.

ICT is essential to each of our sectors, including defence and national security. It contributes as much as finance and insurance, and more than four times as much as agriculture. In fact, according to recent research by Accenture for the Technology Council of Australia, the technology sector contributed $167 billion to Australia’s GDP in 2020–21.

More importantly, ICT is not just a core dependency of Australia’s critical infrastructure, but is critical infrastructure itself.

Australian businesses are playing a major role in building the sovereign capabilities required to meet the challenges and opportunities of a cyber-oriented future. They have invested heavily in the development of talent, infrastructure and intellectual property, and demonstrated both technological and strategic capabilities.

The $9.9 billion injection demonstrates that the government understands the critical nature of cyber defence, but industry needs to participate. The local sector wants to work with Defence as its partner, and to help design a roadmap for sovereign ICT and critical technology.

A clear strategy that sets out our national priorities will benefit not only Australian technology businesses, but also government and the entire economy.